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Abstract 


This memo describes per-packet stateless strict and loose path steered replication and 
forwarding for "Bit Index Explicit Replication" (BIER) packets (RFC 8279); it is called "Tree 
Engineering for Bit Index Explicit Replication" (BIER-TE) and is intended to be used as the path 
steering mechanism for Traffic Engineering with BIER. 


BIER-TE introduces a new semantic for "bit positions" (BPs). These BPs indicate adjacencies of the 
network topology, as opposed to (non-TE) BIER in which BPs indicate "Bit-Forwarding Egress 
Routers" (BFERs). A BIER-TE "packets BitString" therefore indicates the edges of the (loop-free) 
tree across which the packets are forwarded by BIER-TE. BIER-TE can leverage BIER forwarding 
engines with little changes. Co-existence of BIER and BIER-TE forwarding in the same domain is 
possible -- for example, by using separate BIER "subdomains" (SDs). Except for the optional 
routed adjacencies, BIER-TE does not require a BIER routing underlay and can therefore operate 
without depending on a routing protocol such as the "Interior Gateway Protocol" (IGP). 


Status of This Memo 


This is an Internet Standards Track document. 


This document is a product of the Internet Engineering Task Force (IETF). It represents the 
consensus of the IETF community. It has received public review and has been approved for 
publication by the Internet Engineering Steering Group (IESG). Further information on Internet 
Standards is available in Section 2 of RFC 7841. 


Information about the current status of this document, any errata, and how to provide feedback 
on it may be obtained at https://www.rfc-editor.org/info/rfc9262. 
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1. Overview 


"Tree Engineering for Bit Index Explicit Replication" (BIER-TE) is based on the (non-TE) BIER 
architecture, terminology, and packet formats as described in [RFC8279] and [RFC8296]. This 
document describes BIER-TE, with the expectation that the reader is familiar with these two 
documents. 


BIER-TE introduces a new semantic for "bit positions" (BPs). These BPs indicate adjacencies of the 
network topology, as opposed to (non-TE) BIER in which BPs indicate "Bit-Forwarding Egress 
Routers" (BFERs). A BIER-TE "packets BitString" therefore indicates the edges of the (loop-free) 
tree across which the packets are forwarded by BIER-TE. With BIER-TE, the "Bit Index 
Forwarding Table" (BIFT) of each "Bit-Forwarding Router" (BFR) is only populated with BPs that 
are adjacent to the BFR in the BIER-TE topology. Other BPs are empty in the BIFT. The BFR 
replicates and forwards BIER packets to adjacent BPs that are set in the packets. BPs are 
normally also cleared upon forwarding to avoid duplicates and loops. 


BIER-TE can leverage BIER forwarding engines with little or no changes. It can also co-exist with 
BIER forwarding in the same domain -- for example, by using separate BIER subdomains. Except 
for the optional routed adjacencies, BIER-TE does not require a BIER routing underlay and can 
therefore operate without depending on a routing protocol such as the "Interior Gateway 
Protocol" (IGP). 
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This document is structured as follows: 


e Section 2 introduces BIER-TE with two forwarding examples, followed by an introduction to 
the new concepts of the BIER-TE (overlay) topology, and finally a summary of the 
relationship between BIER and BIER-TE and a discussion of accelerated hardware 
forwarding. 


e Section 3 describes the components of the BIER-TE architecture: the multicast flow overlay, 
the BIER-TE layer with the BIER-TE control plane (including the BIER-TE controller), the 
BIER-TE forwarding plane, and the routing underlay. 


e Section 4 specifies the behavior of the BIER-TE forwarding plane with the different types of 
adjacencies and possible variations of BIER-TE forwarding pseudocode, and finally the 
mandatory and optional requirements. 


e Section 5 describes operational considerations for the BIER-TE controller, primarily how the 
BIER-TE controller can optimize the use of BPs by using specific types of BIER-TE adjacencies 
for different types of topological situations. It also describes how to assign bits to avoid loops 
and duplicates (which, in BIER-TE, does not come "for free"). Finally, it discusses how "Set 
Identifiers" (SIs), "subdomains" (SDs), and BFR-ids can be managed by a BIER-TE controller; 
examples and a summary are provided. 


e Appendix A concludes this document; details regarding the relationship between BIER-TE 
and "Segment Routing" (SR) are discussed. 


Note that related work [CONSTRAINED-CAST] uses Bloom filters [Bloom70] to represent leaves or 
edges of the intended delivery tree. Bloom filters in general can support larger trees/topologies 
with fewer addressing bits than explicit BitStrings, but they introduce the heuristic risk of false 
positives and cannot clear bits in the BitStrings during forwarding to avoid loops. For these 
reasons, BIER-TE, like BIER, uses explicit BitStrings. Explicit BitStrings as used by BIER-TE can 
also be seen as a special type of Bloom filter, and this is how other related work [ICC] describes it. 


2. Introduction 


2.1. Requirements Language 


The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD 
NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to 
be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in 
all capitals, as shown here. 


2.2. Basic Examples 


BIER-TE forwarding is best introduced with simple examples. These examples use formal terms 
defined later in this document (Figure 4 in Section 4.1), including forward_connected(Q), 
forward_routed(), and local_decap(). 


Consider the simple network in the BIER-TE overview example shown in Figure 1, with six BFRs. 
pl...p15 are the bit positions used. All BFRs can act as a "Bit-Forwarding Ingress Router" (BFIR); 
BFR1, BFR3, BFR4, and BFR6 can also be BFERs. "Forward_connected()" is the name used for 
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adjacencies that represent subnet adjacencies of the network. "Local_decap()" is the name used 
for the adjacency that decapsulates BIER-TE packets and passes their payload to higher-layer 


processing. 


BIER-TE Topology: 


Diagram: 
ps p6 
--- BFR3 --- 
p3/ p13 \p7 
BFR1 ---- BFR2 BFR5 ----- 
p1 p2 p4\ p14 /p10 p11 
--- BFR4 --- 
p8 p9 


(simplified) BIER-TE Bit Index Forwarding Tables (BIFTs): 


BFR1: p1 -> local_decap() 
p2 -> forward_connected 


© 
BFR2: p1 -> forward_connected() 
p5 -> forward_connected() 

p8 -> forward_connected() 

() 

© 


BFR3: p3 -> forward_connected 
p7 -> forward_connected 
p13 -> local_decap() 


BFR4: p4 -> forward_connected() 
p10 -> forward_connected() 
p14 -> local_decap() 


BFR5: p6 -> forward_connected() 
p9 -> forward_connected() 
p12 -> forward_connected() 

O 


BFR6: p11 -> forward_connected 
p15 -> local_decap() 


Figure 1: BIER-TE Basic Example 


to 


BFR2 


BFR1 
BFR3 
BFR4 


BFR2 
BERS 


BFR2 
BERS 


BFR3 
BFR4 
BFR6 


BFR5 


Assume that a packet from BFR1 should be sent via BFR4 to BFR6. This requires a BitString 
(p2,p8,p10,p12,p15). When this packet is examined by BIER-TE on BFR1, the only bit position 
from the BitString that is also set in the BIFT is p2. This will cause BFR1 to send the only copy of 
the packet to BFR2. Similarly, BFR2 will forward to BFR4 because of p8, BFR4 to BFR5 because of 
p10, and BFR5 to BFR6 because of p12. p15 finally makes BFR6 receive and decapsulate the 


packet. 


To send a copy to BFR6 via BFR4 and also a copy to BFR3, the BitString needs to be 


(p2,p5,p8,p10,p12,p13,p15). When this packet is examined by BFR2, p5 causes one copy to be sent 
to BFR3 and p8 one copy to BFR4. When BFR3 receives the packet, p13 will cause it to receive and 


decapsulate the packet. 
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If instead the BitString was (p2,p6,p8,p10,p12,p13,p15), the packet would be copied by BFR5 
towards BFR3 because of p6 instead of being copied by BFR2 to BFR3 because of p5 in the prior 
case. This demonstrates the ability of the BIER-TE topology, as shown in Figure 1, to make the 
traffic pass across any possible path and be replicated where desired. 


BIER-TE has various options for minimizing BP assignments, many of which are based on out-of- 
band knowledge about the required multicast traffic paths and bandwidth consumption in the 
network, e.g., from predeployment planning. 


Figure 2 shows a modified example, in which Rtr2 and Rtr5 are assumed not to support BIER-TE, 
so traffic has to be unicast encapsulated across them. To explicitly distinguish routed/tunneled 
forwarding of BIER-TE packets from Layer 2 forwarding (forward_connected()), these 
adjacencies are called "forward_routed()" adjacencies. Otherwise, there is no difference in their 
processing over the aforementioned forward_connected() adjacencies. 


In addition, bits are saved in the following example by assuming that BFR1 only needs to bea 
BFIR -- not a BFER or a transit BFR. 


BIER-TE Topology: 


Diagram: 
p1 p3 p7 
pee IBERGm E p5 
meer ep S: > 
BFR1 (Rtr2) (Rtr5) BFR6 
cs Pace sete Seed E onl N recht > p9 
miz BER4 < i: p6 
p2 p4 p8 


(simplified) BIER-TE Bit Index Forwarding Tables (BIFTs): 


BFR1: p1 -> forward_routed() to BFR3 
p2 -> forward_routed() to BFR4 


BFR3: p3 -> local_decap() 
p5 -> forward_routed() to BFR6 


BFR4: p4 -> local_decap() 
p6 -> forward_routed() to BFR6 


BFR6: p7 -> forward_routed() to BFR3 
p8 -> forward_routed() to BFR4 
p9 -> local_decap() 


Figure 2: BIER-TE Basic Overlay Example 


To send a BIER-TE packet from BFR1 via BFR3 to be received by BFR6, the BitString is (p1,p5,p9). 
A packet from BFR1 via BFR4 to be received by BFR6 uses the BitString (p2,p6,p9). A packet from 
BFR1 to be received by BFR3,BFR4 and from BFR3 to be received by BFR6 uses 
(p1,p2,p3,p4,p5,p9). A packet from BFR1 to be received by BFR3,BFR4 and from BFR4 to be 
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received by BFR6 uses (p1,p2,p3,p4,p6,p9). A packet from BFR1 to be received by BFR4, then from 
BFR4 to be received by BFR6, and finally from BFR6 to be received by BFR3, uses 
(p2,p3,p4,p6,p7,p9). A packet from BFR1 to be received by BFR3, then from BFR3 to be received 
by BFR6, and finally from BFR6 to be received by BFR4, uses (p1,p3,p4,p5,p8,p9). 


2.3. BIER-TE Topology and Adjacencies 


The key new component in BIER-TE compared to (non-TE) BIER is the BIER-TE topology as 
introduced through the two examples in Section 2.2. It is used to control where replication can or 
should happen and how to minimize the required number of BPs for adjacencies. 


The BIER-TE topology consists of the BIFTs of all the BFRs and can also be expressed as a directed 
graph where the edges are the adjacencies between the BFRs labeled with the BP used for the 
adjacency. Adjacencies are naturally unidirectional. A BP can be reused across multiple 
adjacencies as long as this does not lead to undesired duplicates or loops, as explained in Section 
5a. 


If the BIER-TE topology represents (a subset of) the underlying (Layer 2) topology of the network 
as shown in the first example, this may be called an "underlay" BIER-TE topology. A topology 
consisting only of "forward_routed()" adjacencies as shown in the second example may be called 
an "overlay" BIER-TE topology. A BIER-TE topology with both forward_connected() and 
forward_routed() adjacencies may be called a "hybrid" BIER-TE topology. 


2.4. Relationship to BIER 


BIER-TE is designed so that its forwarding plane is a simple extension to the (non-TE) BIER 
forwarding plane, hence allowing it to be added to BIER deployments where it can be beneficial. 


BIER-TE is also intended as an option to expand the BIER architecture into deployments where 
(non-TE) BIER may not be the best fit, such as statically provisioned networks that need path 
steering but do not want distributed routing protocols. 


1. BIER-TE inherits the following aspects from BIER unchanged: 
1.a The fundamental purpose of per-packet signaled replication and delivery via a 
BitString. 
1.b The overall architecture, which consists of three layers: the flow overlay, the BIER(-TE) 
layer, and the routing underlay. 
1.c The supported encapsulations [RFC8296]. 
1.d The semantics of all BIER header elements [RFC8296] used by the BIER-TE forwarding 
plane, other than the semantic of the BP in the BitString. 
1.e The BIER forwarding plane, except for how bits have to be cleared during replication. 
2. BIER-TE has the following key changes with respect to BIER: 
2.a 
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In BIER, bits in the BitString of a BIER packet header indicate a BFER, and bits in the 
BIFT indicate the BIER control plane's calculated next hop towards that BFER. In BIER- 
TE, a bit in the BitString of a BIER packet header indicates an adjacency in the BIER-TE 
topology, and only the BFR that is the upstream of that adjacency has its BP populated 
with the adjacency in its BIFT. 

2.5 In BIER, the implied reference options for the core part of the BIER layer control plane 
are the BIER extensions for distributed routing protocols. These include IS-IS and OSPF 
extensions for BIER, as specified in [RFC8401] and [RFC8444], respectively. 

2.c The reference option for the core part of the BIER-TE control plane is the BIER-TE 
controller. Nevertheless, both the BIER and BIER-TE BIFTs' forwarding plane state 
could equally be populated by any mechanism. 

2.4 Assuming the reference options for the control plane, BIER-TE replaces in-network 
autonomous path calculations with explicit paths calculated by the BIER-TE controller. 


Ww 


. The following elements/functions described in the BIER architecture are not required by the 
BIER-TE architecture: 
3.a "Bit Index Routing Tables" (BIRTs) are not required on BFRs for BIER-TE when using a 
BIER-TE controller, because the controller can directly populate the BIFTs. In BIER, 
BIRTs are populated by the distributed routing protocol support for BIER, allowing 
BFRs to populate their BIFTs locally from their BIRTs. Other BIER-TE control plane or 
management plane options may introduce requirements for BIRTs for BIER-TE BFRs. 


3.5 The BIER-TE layer forwarding plane does not require BFRs to have a unique BP; see 
Section 5.1.3. Therefore, BFRs may not have a unique BFR-id; see Section 5.3.3. 


3.c Identification of BFRs by the BIER-TE control plane is outside the scope of this 
specification. Whereas the BIER control plane uses BFR-ids in its BFR-to-BFR signaling, 
a BIER-TE controller may choose any form of identification deemed appropriate. 


3.4 BIER-TE forwarding does not require the BFIR-id field of the BIER packet header. 


4. Co-existence of BIER and BIER-TE in the same network requires the following: 

4.a The BIER/BIER-TE packet header needs to allow the addressing of both BIER and BIER- 
TE BIFTs. Depending on the encapsulation option, the same SD may or may not be 
reusable across BIER and BIER-TE. See Section 4.3. In either case, a packet is always 
forwarded only end to end via BIER or via BIER-TE ("ships in the night" forwarding). 


4.5 BIER-TE deployments will have to assign BFR-ids to BFRs and insert them into the 
BFIR-id field of BIER packet headers, as does BIER, whenever the deployment uses 
(unchanged) components developed for BIER that use BFR-ids, such as multicast flow 
overlays or BIER layer control plane elements. See also Section 5.3.3. 


2.5. Accelerated Hardware Forwarding Comparison 


BIER-TE forwarding rules, especially BitString parsing, are designed to be as close as possible to 
those of BIER, with the expectation that this eases the programming of BIER-TE forwarding code 
and/or BIER-TE forwarding hardware on platforms supporting BIER. The pseudocode in Section 
4.4 shows how existing (non-TE) BIER/BIFT forwarding can be modified to support the required 
BIER-TE forwarding functionality (Section 4.5), by using the BIER BIFT's "Forwarding Bit Mask" 
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(F-BM): only the clearing of bits to avoid sending duplicate packets to a BFR's neighbor is skipped 
in BIER-TE forwarding, because it is not necessary and could not be done when using a BIER F- 
BM. 


Whether to use BIER or BIER-TE forwarding is simply a choice of the mode of the BIFT indicated 
by the packet (BIER or BIER-TE BIFT). This is determined by the BFR configuration for the 
encapsulation; see Section 4.3. 


3. Components 


BIER-TE can be thought of as being composed of the same three layers as BIER: the "multicast 
flow overlay", the "BIER layer", and the "routing underlay". Figure 3 also shows how the BIER 
layer is composed of the "BIER-TE forwarding plane" and the "BIER-TE control plane" as 
represented by the "BIER-TE controller". 


ees BGP /PIM----- > 
|<-IGMP/PIM-> multicast flow <-PIM/IGMP->| 
overlay 


BIER-TE [BIER-TE Controller] <=> [BIER-TE Topology] 
A 


control aS A 
plane / l \ BIER-TE control protocol 
| | | (e.g., YANG/NETCONF/RESTCONF 
| | | PGER Vere) 
v v v 
sre => Rtr > BEIR BER=--=--— BFER -> Rtr2 -> Revr 
|e a Ten >| 


BIER-TE forwarding plane 


|<- BIER-TE domain->| 


Routing underlay 


Figure 3: BIER-TE Architecture 


3.1. The Multicast Flow Overlay 


The multicast flow overlay has the same role as that described for BIER in [RFC8279], Section 4.3. 
See also Section 3.2.1.2. 


When a BIER-TE controller is used, it might also be preferable that multicast flow overlay 
signaling be performed through a central point of control. For BGP-based overlay flow services 
such as "Multicast VPN Using Bit Index Explicit Replication (BIER)" [RFC8556], this can be 
achieved by making the BIER-TE controller operate as a BGP Route Reflector [RFC4456] and 
combining it with signaling through BGP or a different protocol for the BIER-TE controller's 
calculated BitStrings. See Sections 3.2.1.2 and 5.3.4. 
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3.2. The BIER-TE Control Plane 


In the (non-TE) BIER architecture [RFC8279], the BIER layer is summarized in Section 4.2 of 
[RFC8279]. This summary includes both the functions of the BIER-layer control plane and 
forwarding plane, without using those terms. Example standardized options for the BIER control 
plane include IS-IS and OSPF extensions for BIER, as specified in [RFC8401] and [RFC8444], 
respectively. 


For BIER-TE, the control plane includes, at a minimum, the following functionality. 


1. BIER-TE topology control: During initial provisioning of the network and/or during 
modifications of its topology and/or services, the protocols and/or procedures to establish 
BIER-TE BIFTs: 

1.a Determine the desired BIER-TE topology for BIER-TE subdomains: the adjacencies that 
are assigned to BPs. Topology discovery is discussed in Section 3.2.1.1, and the various 
aspects of the BIER-TE controller's determinations regarding the topology are 
discussed throughout Section 5. 

1.b Determine the per-BFR BIFT from the BIER-TE topology. This is achieved by simply 
extracting the adjacencies of the BFR from the BIER-TE topology and populating the 
BFR's BIFT with them. 

1.c Optionally assign BFR-ids to BFIRs for later insertion into BIER headers on BFIRs as 
BFIk-ids. Alternatively, BFIR-ids in BIER packet headers may be managed solely by the 
flow overlay layer and/or be unused. This is discussed in Section 5.3.3. 

1.d Install/update the BIFTs into the BFRs and, optionally, BFR-ids into BFIRs. This is 
discussed in Section 3.2.1.1. 


N 


. BIER-TE tree control: During network operations, protocols and/or procedures to support 
creation/change/removal of overlay flows on BFIRs: 


2.a Process the BIER-TE requirements for the multicast overlay flow: BFIRs and BFERs of 
the flow as well as policies for the path selection of the flow. This is discussed in 
Section 3.5. 

2.5 Determine the BitStrings and, optionally, entropy. BitStrings are discussed in 
Sections 3.2.1.2, 3.5, and 5.3.4. Entropy is discussed in Section 4.2.3. 

2.c Install state on the BFIR to impose the desired BIER packet header(s) for packets of the 
overlay flow. Different aspects of this point, as well as the next point, are discussed 
throughout Section 3.2.1 and in Section 4.3. The main component responsible for these 
two points is the multicast flow overlay (Section 3.1), which is architecturally inherited 
from BIER. 

2.d Install the necessary state on the BFERs to decapsulate the BIER packet header and 
properly dispatch its payload. 
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3.2.1. The BIER-TE Controller 


This architecture describes the BIER-TE control plane, as shown in Figure 3, as consisting of: 


e A BIER-TE controller. 


e BFR data models and protocols to communicate between the controller and BFRs in support 
of BIER-TE topology control (see the list under "BIER-TE topology control"), such as YANG/ 
NETCONF/RESTCONF [RFC7950] [RFC6241] [RFC8040]. 


e BFR data models and protocols to communicate between the controller and BFIRs in support 
of BIER-TE tree control (see Section 3.2, point 2.), such as BIER-TE extensions for [RFC5440]. 


The single, centralized BIER-TE controller is used in this document as the reference option for the 
BIER-TE control plane, but other options are equally feasible. The BIER-TE control plane could 
equally be implemented without automated configuration/protocols, by an operator via a CLI on 
the BFRs. In that case, operator-configured local policy on the BFIR would have to determine how 
to set the appropriate BIER header fields. The BIER-TE control plane could also be decentralized 
and/or distributed, but this document does not consider any additional protocols and/or 
procedures that would then be necessary to coordinate its (distributed/decentralized) entities to 
achieve the above-described functionality. 


3.2.1.1. BIER-TE Topology Discovery and Creation 


The first item listed for BIER-TE topology control (Section 3.2, point 1.a.) includes network 
topology discovery and BIER-TE topology creation. The latter describes the process by which a 
controller determines which routers are to be configured as BFRs and the adjacencies between 
them. 


In statically managed networks, e.g., industrial environments, both discovery and creation can 
be a manual/offline process. 


In other networks, topology discovery may rely on such protocols as those that include extending 
an IGP based on a link-state protocol into the BIER-TE controller itself, e.g., BGP-LS [RFC7752] or 
YANG topology [RFC8345], as well as methods specific to BIER-TE -- for example, via [BIER-TE- 
YANG]. These options are non-exhaustive. 


Dynamic creation of the BIER-TE topology can be as easy as mapping the network topology 1:1 to 
the BIER-TE topology by assigning a BP for every network subnet adjacency. In larger networks, 
it likely involves more complex policy and optimization decisions, including how to minimize the 
number of BPs required and how to assign BPs across different BitStrings to minimize the 
number of duplicate packets across links when delivering an overlay flow to BFERs using 
different SIs:BitStrings. These topics are discussed in Section 5. 


When the BIER-TE topology has been determined, the BIER-TE controller pushes the BPs/ 
adjacencies to the BIFT of the BFRs. On each BFR, only those SIs:BPs that are adjacencies to other 
BFRs in the BIER-TE topology are populated. 
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Communications between the BIER-TE controller and BFRs for both BIER-TE topology control 
and BIER-TE tree control are ideally via standardized protocols and data models such as 
NETCONF/RESTCONF/YANG/PCEP. A vendor-specific CLI on the BFRs is also an option (as in many 
other "Software-Defined Network" (SDN) solutions lacking definitions of standardized data 
models). 


3.2.1.2. Engineered Trees via BitStrings 


In BIER, the same set of BFERs in a single subdomain is always encoded as the same BitString. In 
BIER-TE, the BitString used to reach the same set of BFERs in the same subdomain can be 
different for different overlay flows because the BitString encodes the paths towards the BFERs, 
so the BitStrings from different BFIRs to the same set of BFERs will often be different. Likewise, 
the BitString from the same BFIR to the same set of BFERs can be different for different overlay 
flows if different policies should be applied to those overlay flows, such as shortest path trees, 
Steiner trees (minimum cost trees), diverse path trees for redundancy, and so on. 


See also [BIER-MCAST-OVERLAY] for an application leveraging BIER-TE engineered trees. 


3.2.1.3. Changes in the Network Topology 


If the network topology changes (not failure based) so that adjacencies that are assigned to bit 
positions are no longer needed, the BIER-TE controller can reuse those bit positions for new 
adjacencies. First, these bit positions need to be removed from any BFIR flow state and BFR BIFT 
state. Then, they can be repopulated, first into the BIFT and then into the BFIR. 


3.2.1.4. Link/Node Failures and Recovery 

When links or nodes fail or recover in the topology, BIER-TE could quickly respond with "Fast 
Reroute" (FRR) procedures such as those described in [BIER-TE-PROTECTION], the details of 
which are out of scope for this document. It can also more slowly react by recalculating the 
BitStrings of affected multicast flows. This reaction is slower than the FRR procedure because the 
BIER-TE controller needs to receive link/node up/down indications, recalculate the desired 
BitStrings, and push them down into the BFIRs. With FRR, this is all performed locally on a BFR 
receiving the adjacency up/down notification. 


3.3. The BIER-TE Forwarding Plane 


The BIER-TE forwarding plane consists of the following components: 


1. On a BFIR, imposition of the BIER header for packets from overlay flows. This is driven by 
state established by the BIER-TE control plane, the multicast flow overlay as explained in 
Section 3.1, or a combination of both. 

2. On BFRs (including BFIRs and BFERs), forwarding/replication of BIER packets according to 
their SD, SI, "BitStringLength" (BSL), BitString, and, optionally, entropy fields as explained in 
Section 4. Processing of other BIER header fields, such as the "Differentiated Services Code 
Point" (DSCP) field, is outside the scope of this document. 

3. On BFERs, removal of the BIER header and dispatching of the payload according to state 
created by the BIER-TE control plane and/or overlay layer. 
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When the BIER-TE forwarding plane receives a packet, it simply looks up the bit positions that 
are set in the BitString of the packet in the BIFT that was populated by the BIER-TE controller. For 
every BP that is set in the BitString and has one or more adjacencies in the BIFT, a copy is made 
according to the types of adjacencies for that BP in the BIFT. Before sending any copies, the BFR 
clears all BPs in the BitString of the packet for which the BFR has one or more adjacencies in the 
BIFT. Clearing these bits prevents packets from looping when a BitString erroneously includes a 
forwarding loop. When a forward_connected() adjacency has the "DoNotClear" (DNC) flag set, 
this BP is reset for the packet copied to that adjacency. See Section 4.2.1. 


3.4. The Routing Underlay 


For forward_connected() adjacencies, BIER-TE sends BIER packets to directly connected BIER-TE 
neighbors as L2 (unicast) BIER packets without requiring a routing underlay. For 
forward_routed() adjacencies, BIER-TE forwarding encapsulates a copy of the BIER packet so that 
it can be delivered by the forwarding plane of the routing underlay to the routable destination 
address indicated in the adjacency. See Section 4.2.2 for details on forward_routed() adjacencies. 


BIER relies on the routing underlay to calculate paths towards BFERs and derive next-hop BFR 
adjacencies for those paths. These two steps commonly rely on BIER-specific extensions to the 
routing protocols of the routing underlay but may also be established by a controller. In BIER-TE, 
the next hops for a packet are determined by the BitString through the BIER-TE controller- 
established adjacencies on the BFR for the BPs of the BitString. There is thus no need for BFR- 
specific routing underlay extensions to forward BIER packets with BIER-TE semantics. 


Encapsulation parameters can be provisioned by the BIER-TE controller into the 
forward_connected(Q or forward_routed() adjacencies directly without relying on a routing 
underlay. 


If the BFR intends to support FRR for BIER-TE, then the BIER-TE forwarding plane needs to 
receive fast adjacency up/down notifications: link up/down or neighbor up/down, e.g., from 
"Bidirectional Forwarding Detection" (BFD). Providing these notifications is considered to be part 
of the routing underlay in this document. 


3.5. Traffic Engineering Considerations 


Traffic Engineering [TE-OVERVIEW] provides performance optimization of operational IP 
networks while utilizing network resources economically and reliably. The key elements needed 
to effect Traffic Engineering are policy, path steering, and resource management. These elements 
require support at the control/controller level and within the forwarding plane. 


Policy decisions are made within the BIER-TE control plane, i.e., within BIER-TE controllers. 
Controllers use policy when composing BitStrings and BFR BIFT state. The mapping of user/IP 
traffic to specific BitStrings / BIER-TE flows is made based on policy. The specific details of BIER- 
TE policies and how a controller uses them are out of scope for this document. 
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Path steering is supported via the definition of a BitString. BitStrings used in BIER-TE are 
composed based on policy and resource management considerations. For example, when 
composing BIER-TE BitStrings, a controller must take into account the resources available at each 
BFR and for each BP when it is providing congestion-loss-free services such as Rate-Controlled 
Service Disciplines [RCSD94]. Resource availability could be provided, for example, via routing 
protocol information but may also be obtained via a BIER-TE control protocol such as NETCONF 
or any other protocol commonly used by a controller to understand the resources of the network 
on which it operates. The resource usage of the BIER-TE traffic admitted by the BIER-TE 
controller can be solely tracked on the BIER-TE controller based on local accounting as long as no 
forward_routed() adjacencies are used (see Section 4.2.2 for the definition of forward_routedQ) 
adjacencies). When forward_routed() adjacencies are used, the paths selected by the underlying 
routing protocol need to be tracked as well. 


Resource management has implications for the forwarding plane beyond the BIER-TE-defined 
steering of packets; this includes allocation of buffers to guarantee the worst-case requirements 
for admitted RCSD traffic and potentially policing and/or rate-shaping mechanisms, typically 
done via various forms of queuing. This level of resource control, while optional, is important in 
networks that wish to support congestion management policies to control or regulate the offered 
traffic to deliver different levels of service and alleviate congestion problems, or those networks 
that wish to control latencies experienced by specific traffic flows. 


4. BIER-TE Forwarding 


4.1. The BIER-TE Bit Index Forwarding Table (BIFT) 


The BIER-TE BIFT is equivalent to the (non-TE) BIER BIFT. It exists on every BFR running BIER-TE. 
For every BIER "subdomain" (SD) in use for BIER-TE, the BIFT is constructed per the example 
shown in Figure 4. The BIFT in the figure assumes a BSL of 8 "bit positions" (BPs) in the packets 
BitString. As in [RFC8279], this BSL is purely used as an example and is not a BSL supported by 
BIER/BIER-TE (minimum BSL is 64). 


A BIER-TE BIFT is compared to a BIER BIFT as shown in [RFC8279] as follows. 


In both BIER and BIER-TE, BIFT rows/entries are indexed in their respective BIER pseudocode 
([RFC8279], Section 6.5) and BIER-TE pseudocode (Section 4.4) by the BIFT-index derived from the 
packet's SI, BSL, and the one bit position of the packets BitString (BP) addressing the BIFT row: 
BIFT-index = SI * BSL + BP - 1. BPs within a BitString are numbered from 1 to BSL -- hence, the - 1 
offset when converting to a BIFT-index. This document also uses the notion "SI:BP" to indicate 
BIFT rows. [RFC8279] uses the equivalent notion "SI:BitString", where the BitString is filled with 
only the BPs for the BIFT row. 


In BIER, each BIFT-index addresses one BFER by its BFR-id = BIFT-index + 1 and is populated on 
each BFR with the next-hop "BFR Neighbor" (BFR-NBR) towards that BFER. 


In BIER-TE, each BIFT-index and, therefore, SI:BP indicates one or, in the case of reuse of SI:BP, 
more than one adjacency between BFRs in the topology. The SI:BP is populated with the 
adjacency on the upstream BFR of the adjacency. The BIFT entries are empty on all other BFRs. 
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In BIER, each BIFT row also requires a "Forwarding Bit Mask" (F-BM) entry for BIER forwarding 
rules. In BIER-TE forwarding, an F-BM is not required but can be used when implementing BIER- 
TE on forwarding hardware, derived from BIER forwarding, that must use an F-BM. This is 
discussed in the first variation of BIER-TE forwarding pseudocode shown in Section 4.4. 


| BIFT-index | | Adjacencies: | 
| (SI:BP) |(F-BM)| <empty> or one or more per entry | 


| 1 (0:2) | ... | forward_connected(interface,neighbor{,DNC}) | 
l | ... | forward_connected(interface,neighbor{,DNC}) | 


| 4 (0:5) | | local_decap({VRF}) | 
15 (0:6) |... | forward_routed({VRF,}13-neighbor) = | 
L6 (8:7) |... | <emtyy 4 
| 7 (8:8) | ... | ECMP((adjacency1, ...adjacencyN){,seed}) | 


Figure 4: BIER-TE Bit Index Forwarding Table (BIFT) with Different Adjacencies 


The BIFT is configured for the BIER-TE data plane of a BFR by the BIER-TE controller through an 
appropriate protocol and data model. The BIFT is then used to forward packets, according to the 
procedures for the BIER-TE forwarding plane as specified in Section 3.3. 


Note that a BIFT-index (SI:BP) may be populated in the BIFT of more than one BFR to save BPs. 
See Section 5.1.6 for an example of how a BIER-TE controller could assign BPs to (logical) 
adjacencies shared across multiple BFRs, Section 5.1.3 for an example of assigning the same BP to 
different adjacencies, and Section 5.1.9 for general guidelines regarding the reuse of BPs across 
different adjacencies. 


{VRF} indicates the Virtual Routing and Forwarding context into which the BIER payload is to be 
delivered. This is optional and depends on the multicast flow overlay. 
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4.2. Adjacency Types 


4.2.1. Forward Connected 


A "forward_connected()" adjacency is an adjacency towards a directly connected BFR-NBR using 
an interface address of that BFR on the connecting interface. A forward_connected() adjacency 
does not route packets; only L2 forwards them to the neighbor. 


Packets sent to an adjacency with "DoNotClear" (DNC) set in the BIFT MUST NOT have the bit 
position for that adjacency cleared when the BFR creates a copy for it. The bit position will still 
be cleared for copies of a packet made towards other adjacencies. This can be used, for example, 
in ring topologies as explained in Section 5.1.6. 


For protection against loops caused by misconfiguration (see Section 5.2.1), DNC is only 
permissible for forward_connected() adjacencies. No need or benefit of DNC for other types of 
adjacencies was identified, and associated risks were not analyzed. 


4.2.2. Forward Routed 


A "forward_routed()" adjacency is an adjacency towards a BFR that uses a (tunneling) 
encapsulation that will cause a packet to be forwarded by the routing underlay towards the 
adjacent BFR indicated via the 13-neighbor parameter of the forward_routed(Q) adjacency. This 
can leverage any feasible encapsulation, such as MPLS or tunneling over IP/IPV6, as long as the 
BIER-TE packet can be identified as a payload. This identification can rely on either the BIER/ 
BIER-TE co-existence mechanisms described in Section 4.3 or explicit support for a BIER-TE 
payload type in the tunneling encapsulation. 


Forward_routed() adjacencies are necessary to pass BIER-TE traffic across routers that are not 
BIER-TE capable or to minimize the number of required BPs by tunneling over (BIER-TE-capable) 
routers on which neither replication nor path steering is desired, or simply to leverage the 
routing underlay's path redundancy and FRR towards the next BFR. They may also be useful to a 
multi-subnet adjacent BFR for leveraging the routing underlay ECMP independently of BIER-TE 
ECMP (Section 4.2.3). 


4.2.3. ECMP 


(Non-TE) BIER ECMP is tied to the BIER BIFT processing semantic and is therefore not directly 
usable with BIER-TE. 


A BIER-TE "Equal-Cost Multipath" (ECMP() adjacency as shown in Figure 4 for BIFT-index 7 has a 
list of two or more non-ECMP() adjacencies as parameters and an optional seed parameter. When 
a BIER-TE packet is copied onto such an ECMP() adjacency, an implementation-specific so-called 
hash function will select one out of the list's adjacencies to which the packet is forwarded. If the 
packet's encapsulation contains an entropy field, the entropy field SHOULD be respected; two 
packets with the same value of the entropy field SHOULD be sent on the same adjacency. The seed 
parameter permits the design of hash functions that are easy to implement at high speed without 
running into polarization issues across multiple consecutive ECMP hops. See Section 5.1.7 for 
details. 
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4.2.4. Local Decap(sulation) 


A "local_decap()" adjacency passes a copy of the payload of the BIER-TE packet to the protocol 
("NextProto") within the BFR (IP/IPv6, Ethernet,...) responsible for that payload according to the 
packet header fields. A local_decapQ adjacency turns the BFR into a BFER for matching packets. 
Local_decap() adjacencies require the BFER to support routing or switching for NextProto to 
determine how to further process the packets. 


4.3. Encapsulation / Co-existence with BIER 


Specifications for BIER-TE encapsulation are outside the scope of this document. This section 
gives explanations and guidelines. 


The handling of "Maximum Transmission Unit" (MTU) limitations is outside the scope of this 
document and is not discussed in [RFC8279] either. Instead, this process is part of the BIER-TE 
packet encapsulation and/or flow overlay; for example, see [RFC8296], Section 3. It applies 
equally to BIER-TE and BIER. 


Because a BFR needs to interpret the BitString of a BIER-TE packet differently from a (non-TE) 
BIER packet, it is necessary to distinguish BIER packets from BIER-TE packets. In BIER 
encapsulation [RFC8296], the BIFT-id field of the packet indicates the BIFT of the packet. BIER 
and BIER-TE can therefore be run simultaneously, when the BIFT-id address space is shared 
across BIER BIFTs and BIER-TE BIFTs. Partitioning the BIFT-id address space is subject to BIER- 
TE/BIER control plane procedures. 


When [RFC8296] is used for BIER with MPLS, BIFT-id address ranges can be dynamically 
allocated from MPLS label space only for the set of actually used SD:BSL BIFTs. This also permits 
the allocation of non-overlapping label ranges for BIFT-ids that are to be used with BIER-TE 
BIFTs. 


With MPLS, it is also possible to reuse the same SD space for both BIER-TE and BIER, so that the 
same SD has both a BIER BIFT with a corresponding range of BIFT-ids and disjoint BIER-TE BIFTs 
with a non-overlapping range of BIFT-ids. 


Assume that a fixed mapping from BSL, SD, and SI to a BIFT-id is used, which does not explicitly 
partition the BIFT-id space between BIER and BIER-TE -- for example, as proposed for non-MPLS 
forwarding with BIER encapsulation [RFC8296] in [NON-MPLS-BIER-ENCODING], Section 5. In 
this case, it is necessary to allocate disjoint SDs to BIER and BIER-TE BIFTs so that both can be 
addressed by the BIFT-ids. The encoding proposed in Section 6 of [NON-MPLS-BIER-ENCODING] 
does not statically encode the BSL or SD into the BIFT-id, but the encoding permits a mapping 
and hence could provide the same freedom as when MPLS is being used (the same SD, or 
different SDs for BIER/BIER-TE). 
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Forward_routed() requires an encapsulation that permits directing unicast encapsulated BIER-TE 
packets to a specific interface address on a target BFR. With MPLS encapsulation, this can simply 
be done via a label stack with that address's label as the top label, followed by the label assigned 

to the (BSL,SD,SD BitString. With non-MPLS encapsulation, some form of IP encapsulation would 
be required (for example, IP/GRE). 


The encapsulation used for forward_routed() adjacencies can equally support existing advanced 
adjacency information such as "loose source routes" via, for example, MPLS label stacks or 
appropriate header extensions (e.g., for IPv6). 


4.4. BIER-TE Forwarding Pseudocode 


The pseudocode for BIER-TE forwarding, as shown in Figure 5, is based on the (non-TE) BIER 
forwarding pseudocode provided in [RFC8279], Section 6.5, with one modification. 


void ForwardBitMaskPacket_withTE (Packet) 


{ 
SI=GetPacketSI(Packet) ; 


Of fset=SI*BitStringLength; 

for (Index = GetFirstBitPosition(Packet->BitString) ; Index ; 
Index = GetNextBitPosition(Packet->BitString, Index)) { 
F-BM = BIFT[Index+Offset]->F-BM; 
if (!F-BM) continue; [3] 
BFR-NBR = BIFT[Index+0ffset ]->BFR-NBR; 
PacketCopy = Copy(Packet) ; 
PacketCopy->BitString &= F-BM; [2] 
PacketSend(PacketCopy, BFR-NBR) ; 
// The following must not be done for BIER-TE: 
// Packet->BitString &= ~F-BM; [1] 


Figure 5: BIER-TE Forwarding Pseudocode for Required Functions, Based on BIER Pseudocode 


In step [2], the F-BM is used to clear one or more bits in PacketCopy. This step exists in both BIER 
and BIER-TE, but the F-BMs need to be populated differently for BIER-TE than for BIER for the 
desired clearing. 


In BIER, multiple bits of a BitString can have the same BFR-NBR. When a received packets 
BitString has more than one of those bits set, BIER's replication logic has to prevent more than 
one PacketCopy from being sent to that BFR-NBR ([1]). Likewise, the PacketCopy sent to a BFR- 
NBR must clear all bits in its BitString that are not routed across a BFR-NBR. This prevents BIER's 
replication logic from creating duplicates on any possible further BFRs ([2]). 


To solve both [1] and [2] for BIER, the F-BM of each bit index needs to have all bits set that this 
BFR wants to route across a BFR-NBR. [2] clears all other bits in PacketCopy->BitString, and [1] 
clears those bits from Packet->BitString after the first PacketCopy. 
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In BIER-TE, a BFR-NBR in this pseudocode is an adjacency -- forward_connected(), 
forward_routedQ, or local_decap(). There is no need for [2] to suppress duplicates in the same 
way that BIER does, because in general, different BPs would never have the same adjacency. If a 
BIER-TE controller actually finds some optimization in which this would be desirable, then the 
controller is also responsible for ensuring that only one of those bits is set in any Packet- 
>BitString, unless the controller explicitly wants duplicates to be created. 


The following points describe how the F-BM for each BP is configured in the BIFT and how this 
impacts the BitString of the packet being processed with that BIFT: 


1. The F-BMs of all BIFT BPs without an adjacency have all their bits clear. This will cause [3] to 
skip further processing of such a BP. 


2. All BIFT BPs with an adjacency (with the DNC flag clear) have an F-BM that has only those 
BPs set for which this BFR does not have an adjacency. This causes [2] to clear all bits from 
PacketCopy->BitString for which this BFR does have an adjacency. 


3. [1] is not performed for BIER-TE. All bit clearing required by BIER-TE is performed by [2]. 


This forwarding pseudocode can support the required BIER-TE forwarding functions (see Section 
4.5) -- forward_connected(), forward_routed(), and local_decap() -- but cannot support the 
recommended functions (DNC flag and multiple adjacencies per bit) or the optional function (i.e., 
ECMPQ adjacencies). The DNC flag cannot be supported when using only [1] to mask bits. 


The modified and expanded forwarding pseudocode in Figure 6 specifies how to support all 
BIER-TE forwarding functions (required, recommended, and optional): 


1. This pseudocode eliminates per-bit F-BMs, therefore reducing the size of BIFT state by 


SI*BSL? and eliminating the need for per-packet-copy BitString masking operations, except 

for adjacencies with the DNC flag set: 

1.a  AdjacentBits[SI] are bit positions with a non-empty list of adjacencies in this BFR BIFT. 
This can be computed whenever the BIER-TE controller updates (adds/removes) 
adjacencies in the BIFT. 


1.b The BFR needs to create packet copies for these adjacent bits when they are set in the 
packets BitString. This set of bits is calculated in PktAdjacentBits. 


1.c Al bit positions for which the BFR creates copies have to be cleared in packet copies to 
avoid loops. This is done by masking the BitString of the packet with ~AdjacentBits[SI]. 
When an adjacency has DNC set, this bit position is set again only for the packet copy 
towards that bit position. 


N 


. BIFT entries may contain more than one adjacency in support of specific configurations, 
such as a hub and multiple spokes (Section 5.1.5). The code therefore includes a loop over 
these adjacencies. 


Ww 


. The ECMPO adjacency is also shown in the figure. Its parameters are a seed and 
"ListOfAdjacencies", from which one is picked. 


4. The forward_connected(), forward_routed(), and local_decap0 adjacencies are shown with 
their parameters. 
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void ForwardBitMaskPacket_withTE (Packet) 


SI = GetPacketSI(Packet) ; 

Offset = SI * BitStringLength; 

// Determine adjacent bits in the packets BitString 
PktAdjacentBits = Packet->BitString & AdjacentBits[ST]; 


// Clear adjacent bits in the packet header to avoid loops 
Packet->BitString &= ~AdjacentBits[ST]; 


// Loop over PktAdjacentBits to create packet copies 
for (Index = GetFirstBitPosition(PktAdjacentBits) ; Index ; 
Index = GetNextBitPosition(PktAdjacentBits, Index)) { 
for adjacency in BIFT[Index+0ffset]->Adjacencies { 
if(adjacency.type == ECMP(ListOfAdjacencies,seed) ) { 
I = ECMP_hash(sizeof(ListOfAdjacencies), 
Packet->Entropy, seed) ; 
adjacency = ListOfAdjacencies[T]; 
} 
PacketCopy = Copy(Packet) ; 
switch(adjacency.type) { 
case forward_connected(interface, neighbor, DNC) : 
if (DNC) 
PacketCopy->BitString |= 1<<(Index-1); 
SendToL2Unicast(PacketCopy, interface, neighbor) ; 


case forward_routed({VRF, }13-neighbor) : 
SendToL3(PacketCopy, {VRF, }13-neighbor) ; 


case local_decap({VRF},neighbor) : 
DecapBierHeader (PacketCopy) ; 
PassTo(PacketCopy, {VRF, }Packet->NextProto) ; 


Figure 6: Complete BIER-TE Forwarding Pseudocode for Required, Recommended, and Optional 
Functions 


4.5. BFR Requirements for BIER-TE Forwarding 


BFRs that support BIER-TE and BIER MUST support a configuration that enables BIER-TE instead 
of (non-TE) BIER forwarding rules for all BIFTs of one or more BIER subdomains. Every BP ina 
BIER-TE BIFT MUST support having zero or one adjacency. BIER-TE forwarding MUST support the 
adjacency types forward_connected() with the DNC flag not set, forward_routed(), and 
local_decap().. As explained in Section 4.4, these required BIER-TE forwarding functions can be 
implemented via the same forwarding pseudocode as that used for BIER forwarding, except for 
one modification (skipping one masking with an F-BM). 


BIER-TE forwarding SHOULD support forward_connected() adjacencies with the DNC flag set, as 
this is very useful for saving bits in rings (see Section 5.1.6). 


Eckert, et al. Standards Track Page 21 


RFC 9262 BIER-TE ARCH October 2022 


BIER-TE forwarding SHOULD support more than one adjacency on a bit. This allows bits to be 
saved in hub-and-spoke scenarios (see Section 5.1.5). 


BIER-TE forwarding MAY support ECMP() adjacencies to save bits in ECMP scenarios; see Section 
5.1.7 for an example. This is an optional requirement, because for ECMP deployments using 
BIER-TE one can also leverage the routing underlay ECMP via forward_routed() adjacencies and/ 
or might prefer to have more explicit control of the path chosen via explicit BPs/adjacencies for 
each ECMP path alternative. 


5. BIER-TE Controller Operational Considerations 


5.1. Bit Position Assignments 


This section describes how the BIER-TE controller can use the different BIER-TE adjacency types 
to define the bit positions of a BIER-TE domain. 


Because the size of the BitString limits the size of the BIER-TE domain, many of the options 
described here exist to support larger topologies with fewer bit positions. 


5.1.1. P2P Links 


On a "point-to-point" (P2P) link that connects two BFRs, the same bit position can be used on both 
BFRs for the adjacency to the neighboring BFR. A P2P link therefore requires only one bit 
position. 


5.1.2. BFERs 


Every non-leaf BFER is given a unique bit position with a local_decap() adjacency. 


5.1.3. Leaf BFERs 


A leaf BFER is one where incoming BIER-TE packets never need to be forwarded to another BFR 
but are only sent to the BFER to exit the BIER-TE domain. For example, in networks where 
"Provider Edge" (PE) routers are spokes connected to Provider (P) routers, those PEs are leaf 
BFERs, unless there is a U-turn between two PEs. 


Consider how redundant disjoint traffic can reach BFER1/BFER2 as shown in Figure 7: when 
BFER1/BFER2 are non-leaf BFERs as shown on the right-hand side, one traffic copy would be 
forwarded to BFER1 from BFR1, but the other one could only reach BFER1 via BFER2, which 
makes BFER2 a non-leaf BFER. Likewise, BFER1 is a non-leaf BFER when forwarding traffic to 
BFER2. Note that the BFERs on the left-hand side of the figure are only guaranteed to be leaf 
BFERs by correctly applying a routing configuration that prohibits transit traffic from passing 
through the BFERs, which is commonly applied in these topologies. 
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BFR1(P) BFR2(P) BFR1(P) BFR2(P) 
ENA | | 
[ies = sc | | 
/\ | | | 
BFER1(PE) BFER2(PE) BFER1(PE)----BFER2(PE) 


^ U-turn link 


Leaf BFER / Non-leaf BFER / 
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Figure 7: Leaf vs. Non-Leaf BFER Example 


In most situations, leaf BFERs that are to be addressed via the same BitString can share a single 
bit position for their local_decap() adjacency in that BitString and therefore save bit positions. On 
a non-leaf BFER, a received BIER-TE packet may only need to transit the BFER, or it may also 
need to be decapsulated. Whether or not to decapsulate the packet therefore needs to be 
indicated by a unique bit position populated only on the BIFT of this BFER with a local_decapQ) 
adjacency. On a leaf BFER, packets never need to pass through; any packet received is therefore 
usually intended to be decapsulated. This can be expressed by a single, shared bit position that is 
populated with a local_decap(Q) adjacency on all leaf BFERs addressed by the BitString. 


The possible exceptions to this leaf BFER bit position optimization scenario can be cases where 
the bit position on the prior BIER-TE BFR (which created the packet copy for the leaf BFER in 
question) is populated with multiple adjacencies as an optimization -- for example, as described 
in Sections 5.1.4 and 5.1.5. With either of these two optimizations, the sender of the packet could 
only control explicitly whether the packet was to be decapsulated on the leaf BFER in question, if 
the leaf BFER has a unique bit position for its local_decap() adjacency. 


However, if the bit position is shared across a leaf BFER and packets are therefore decapsulated 
-- potentially unnecessarily -- this may still be appropriate if the decapsulated payload of the 
BIER-TE packet indicates whether or not the packets need to be further processed/received. This 
is typically true, for example, if the payload is IP multicast, because IP multicast on a BFER would 
know the membership state of the IP multicast payload and be able to discard it if the packets 
were delivered unnecessarily by the BIER-TE layer. If the payload has no such membership 
indication and the BFIR wants to have explicit control regarding which BFERs are to receive and 
decapsulate a packet, then these two optimizations cannot be used together with shared bit 
position optimization for a leaf BFER. 


5.1.4. LANs 


In a LAN, the adjacency to each neighboring BFR is given a unique bit position. The adjacency of 
this bit position is a forward_connected() adjacency towards the BFR, and this bit position is 
populated into the BIFT of all the other BFRs on that LAN. 
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Figure 8: LAN Example 


If bandwidth on the LAN is not an issue and most BIER-TE traffic should be copied to all 
neighbors on a LAN, then bit positions can be saved by assigning just a single bit position to the 
LAN and populating the bit position of the BIFTs of each BFR on the LAN with a list of 
forward_connected() adjacencies to all other neighbors on the LAN. 


This optimization does not work in the case of BFRs redundantly connected to more than one 
LAN with this optimization. These BFRs would receive duplicates and forward those duplicates 
into the other LANs. Such BFRs require separate bit positions for each LAN they connect to. 


5.1.5. Hub and Spoke 


In a setup with a hub and multiple spokes connected via separate P2P links to the hub, all P2P 
adjacencies from the hub to the spokes' links can share the same bit position. The bit position on 
the hub's BIFT is set up with a list of forward_connected() adjacencies, one for each spoke. 


This option is similar to the bit position optimization in LANs: redundantly connected spokes 
need their own bit positions, unless they are themselves leaf BFERs. 


This type of optimized BP could be used, for example, when all traffic is "broadcast" traffic (very 
dense receiver sets), such as live TV or many-to-many telemetry, including situational awareness. 
This BP optimization can then be used to explicitly steer different traffic flows across different 
ECMP paths in data-center or broadband-aggregation networks with minimal use of BPs. 


5.1.6. Rings 
In L3 rings, instead of assigning a single bit position for every P2P link in the ring, it is possible to 
save bit positions by setting the "DoNotClear" (DNC) flag on forward_connected() adjacencies. 


For the ring shown in Figure 9, a single bit position will suffice to forward traffic entering the 
ring at BFRa or BFRb all the way up to BFR1, as follows. 


On BFRa, BFRb, BFR30,... BFR3, the bit position is populated with a forward_connected() 
adjacency pointing to the clockwise neighbor on the ring and with DNC set. On BFR2, the 
adjacency also points to the clockwise neighbor BFR1, but without DNC set. 


Handling DNC this way ensures that copies forwarded from any BFRs in the ring to a BFR outside 
the ring will not have the ring bit position set, therefore minimizing the risk of creating loops. 
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Figure 9: Ring Example 


Note that this example only permits packets intended to make it all the way around the ring to 
enter it at BFRa and BFRb. Note also that packets will always travel clockwise. If packets should 
be allowed to enter the ring at any of the ring's BFRs, then one would have to use two ring bit 
positions, one for each direction: clockwise and counterclockwise. 


Both would be set up to stop rotating on the same link, e.g., L1. When the ring's BFIR creates the 
clockwise copy, it will clear the counterclockwise bit position because the DNC bit only applies to 
the bit for which the replication is done (likewise for the clockwise bit position for the 
counterclockwise copy). As a result, the ring's BFIR will send a copy in both directions, serving 
BFRs on either side of the ring up to L1. 


5.1.7. Equal-Cost Multipath (ECMP) 


An ECMP() adjacency allows the use of just one BP to deliver packets to one of N adjacencies 
instead of one BP for each adjacency. In the common example case shown in Figure 10, a link 
bundle of three links L1,L2,L3 connects BFR1 and BFR2, and only one BP is used instead of three 
BPs to deliver packets from BFR1 to BFR2. 
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BFR1 --L2----- BFR2 


BIFT entry in BFR1: 


| 0:6 | ECMP({forward_connected(L1, BFR2), | 
| | forward_connected(L2, BFR2), 
l | forward_connected(L3, BFR2)}, seed) 


| 0:6 | ECMP({forward_connected(L1, BFR1), | 
| | forward_connected(L2, BFR1), 
| | forward_connected(L3, BFR1)}, seed) 


Figure 10: ECMP Example 


This document does not standardize any ECMP algorithm because it is sufficient for 
implementations to document their freely chosen ECMP algorithm. Figure 11 shows an example 
ECMP algorithm and would double as its documentation: a BIER-TE controller could determine 
which adjacency is chosen based on the seed and adjacencies parameters and on packet entropy. 


forward(packet, ECMP(adj(@), adj(1),... adj(N-1), seed)): 
i = (packet(bier-header-entropy) XOR seed) % N 
forward packet to adj(i) 


Figure 11: ECMP Algorithm Example 


In the example shown in Figure 12, all traffic from BFR1 towards BFR10 is intended to be ECMP 
load-split equally across the topology. This example is not meant as a likely setup; rather, it 
illustrates that ECMP can be used to share BPs not only across link bundles but also across 
alternative paths across different transit BFRs, and it explains the use of the seed parameter. 
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BIFT entry in BFR1: 


| 0:6 | ECMP({forward_connected(L11, BFR2), | 
| l forward_connected(L12, BFR3)}, seed1) | 


| 9:7 | ECMP({forward_connected(L21, BFR4), | 
| | forward_connected(L22, BFR5)}, seed1) | 


| G27 | ECMP({forward_connected(L31, BFR6), | 
| l forward_connected(L32, BFR7)}, seed1) | 


| 0:9 | forward_connected(Lxx, BFR10) |xx differs on BFR8/BFR9| 


Figure 12: Polarization Example 


Note that for the following discussion of ECMP, only the BIFT ECMP() adjacencies on BFR1, BFR2, 
and BFR3 are relevant. The reuse of BPs across BFRs in this example is further explained in 
Section 5.1.9 below. 
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With the ECMP setup shown in the topology above, traffic would not be equally load-split. 
Instead, links L22 and L31 would see no traffic at all: BFR2 will only see traffic from BFR1, for 
which the ECMP hash in BFR1 selected the first adjacency in the list of two adjacencies given as 
parameters to the ECMP: link L11-to-BFR2. BFR2 again performs ECMP with two adjacencies on 
that subset of traffic using the same seed1 and will therefore again select the first of its two 
adjacencies: L21-to-BFR4. Therefore, L22 and BFRS see no traffic (likewise for L31 and BFR6). 


This issue in BFR2/BFR3 is called "polarization". It results from the reuse of the same hash 
function across multiple consecutive hops in topologies like these. To resolve this issue, the 
ECMPQ adjacency on BFR1 can be set up with a different seed2 than the ECMP(Q) adjacencies on 
BFR2/BFR3. BFR2/BFR3 can use the same hash because packets will not sequentially pass across 
both of them. Therefore, they can also use the same BP (i.e., 0:7). 


Note that ECMP solutions outside of BIER often hide the seed by auto-selecting it from local 
entropy such as unique local or next-hop identifiers. Allowing the BIER-TE controller to explicitly 
set the seed gives the BIER-TE controller the ability to control the selection of the same path or 
different paths across multiple consecutive ECMP hops. 


5.1.8. Forward Routed Adjacencies 


5.1.8.1. Reducing Bit Positions 


Forward_routed() adjacencies can reduce the number of bit positions required when the path 
steering requirement is not hop-by-hop explicit path selection but rather is loose-hop selection. 
Forward_routed() adjacencies can also permit BIER-TE operation across intermediate-hop 
routers that do not support BIER-TE. 


Assume that the requirement in Figure 13 is to explicitly steer traffic flows that have arrived at 
BFR1 or BFR4 via a path in the routing underlay "Network Area 1" to one of the following next 
three segments: (1) BFR2 via link L1, (2) BFR2 via link L2, or (3) via BFR3 and then not caring 
whether the packet is forwarded via L3 or L4. 


..BFRI--... ...--L1-- BFR2... 
... .Routers. ...--L2--/ 
..BFR4--... ...--L3-- BFR3... 
nee ..--L4-=-/ | 
TEEI AN ae EEY | 

LO 


Network Area 1 
Figure 13: Forward Routed Adjacencies Example 


To enable this, both BFR1 and BFR4 are set up with a forward_routed() adjacency bit position 
towards an address of BFR2 on link L1, another forward_routed() bit position towards an address 
of BFR2 on link L2, and a third forward_routed() bit position towards a node address LO of BFR3. 
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5.1.8.2. Supporting Nodes without BIER-TE 


Forward_routed() adjacencies also enable incremental deployment of BIER-TE. Only the nodes 
through which BIER-TE traffic needs to be steered -- with or without replication -- need to 
support BIER-TE. Where they are not directly connected to each other, forward_routed() 
adjacencies are used to pass over nodes that are not BIER-TE enabled. 


5.1.9. Reuse of Bit Positions (without DNC) 


BPs can be reused across multiple BFRs to minimize the number of BPs needed. This happens 
when adjacencies on multiple BFRs use the DNC flag as described above, but it can also be done 
for non-DNC adjacencies. This section only discusses this non-DNC case. 


Because a given BP is cleared when passing a BFR with an adjacency for that BP, reusing BPs 
across multiple BFRs does not introduce any problems with duplicates or loops that do not also 
exist when every adjacency has a unique BP. Instead, the challenge when reusing BPs is whether 
the desired Tree Engineering goals can still be achieved. 


A BP cannot be reused across two BFRs that would need to be passed sequentially for some path: 
the first BFR will clear the BP, so those paths cannot be built. A BP can be set across BFRs that 
would only occur across (A) different paths or (B) different branches of the same tree. 


An example of (A) was given in Figure 12, where BP 0:7, BP 0:8, and BP 0:9 are each reused across 
multiple BFRs because a single packet/path would never be able to reach more than one BFR 
sharing the same BP. 


Assume that the example was changed: BFR1 has no ECMP() adjacency for BP 0:6 but instead has 
BP 0:5 with forward_connected(Q) to BFR2 and BP 0:6 with forward_connected() to BFR3. Packets 
with both BP 0:5 and BP 0:6 would now be able to reach both BFR2 and BFR3, and the still- 
existing reuse of BP 0:7 between BFR2 and BFR3 is a case of (B) where reusing a BP is perfect 
because it does not limit the set of useful path choices, as in the following example. 


If instead of reusing BP 0:7 BFR3 used a separate BP 0:10 for its ECMP() adjacency, no useful 
additional path steering options would be enabled. If duplicates at BFR10 were undesirable, this 
would be done by not setting BP 0:5 and BP 0:6 for the same packet. If the duplicates were 
desirable (e.g., resilient transmission), the additional BP 0:10 would also not render additional 
value. 


Reuse may also save BPs in larger topologies. Consider the topology shown in Figure 14. 
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Figure 14: Reuse of BPs 


A BFIR/sender (e.g., video headend) is attached to area 1, and the five areas 2...6 contain 
receivers/BFERs. Assume that each area has a distribution ring, each with two BPs to indicate the 
direction (as explained before). These two BPs could be reused across the five areas. Packets 
would be replicated through other BPs from the core to the desired subset of areas, and once a 
packet copy reaches the ring of the area, the two ring BPs come into play. This reuse is a case of 
(B), but it limits the topology choices: packets can only flow around the same direction in the 
rings of all areas. This may or may not be acceptable based on the desired path steering options: 
if resilient transmission is the path engineering goal, then it is likely a good optimization; 
however, if the bandwidth of each ring were to be optimized separately, it would not be a good 
limitation. 


5.1.10. Summary of BP Optimizations 
In this section, we reviewed a range of techniques by which a BIER-TE controller can create a 
BIER-TE topology in a way that minimizes the number of necessary BPs. 


Without any optimization, a BIER-TE controller would attempt to map the network subnet 
topology 1:1 into the BIER-TE topology, every adjacent neighbor in the subnet would require a 
forward_connected() BP, and every BFER would require a local_decap() BP. 


The optimizations described in this document are then as follows: 


eS 


. P2P links require only one BP (Section 5.1.1). 

2. All leaf BFERs can share a single local_decap() BP (Section 5.1.3). 

. ALAN with N BFRs needs at most N BPs (one for each BFR). It only needs one BP for all those 
BFRs that are not redundantly connected to multiple LANs (Section 5.1.4). 


4. A hub with P2P connections to multiple non-leaf BFER spokes can share one BP with all of 
the spokes if traffic can be flooded to all of those spokes, e.g., because of no bandwidth 
concerns or dense receiver sets (Section 5.1.5). 


. Rings of BFRs can be built with just two BPs (one for each direction), except for BFRs with 
multiple ring connections -- similar to LANs (Section 5.1.6). 


oO 


ui 
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6. ECMP() adjacencies to N neighbors can replace N BPs with one BP. Multihop ECMP can avoid 
polarization through different seeds of the ECMP algorithm (Section 5.1.7). 


7. Forward_routed() adjacencies permit "tunneling" across routers that are either BIER-TE 
capable or not BIER-TE capable where no traffic steering or replications are required 
(Section 5.1.8). 


8. A BP can generally be reused across a set of nodes where it can be guaranteed that no path 


will ever need to traverse more than one node of the set. Depending on the scenario, this 
may limit the feasible path steering options (Section 5.1.9). 


Note that this list of optimizations is not exhaustive. Further optimizations of BPs are possible, 
especially when both the set of required path steering choices and the possible subsets of BFERs 
that should be able to receive traffic are limited. The hub-and-spoke optimization is a simple 
example of such traffic-pattern-dependent optimizations. 


5.2. Avoiding Duplicates and Loops 


5.2.1. Loops 


Whenever BIER-TE creates a copy of a packet, the BitString of that copy will have all bit positions 
cleared that are associated with adjacencies on the BFR. This prevents packets from looping. The 
only exceptions are adjacencies with DNC set. 


With DNC set, looping can happen. Consider in Figure 15 that link L4 from BFR3 is 
(inadvertently) plugged into the L1 interface of BFRa (instead of BFR2). This creates a loop where 
the ring's clockwise bit position is never cleared for copies of the packets traveling clockwise 
around the ring. 


V 

| 
L1 l È L3 
[-------- BFRa ---- BFRb --------------------- \ 


. | 
Ane aes Wrong link wiring | 
| 


| 
\- BFR1 - BFR2 “BERS = eo BERZOS- BERS0 7 


| | L4 | 
p33 | p15] 
BFRd BFRc 


Figure 15: Miswired Ring Example 


To inhibit looping in the face of such physical misconfiguration, only forward_connected() 
adjacencies are permitted to have DNC set, and the link layer port unique unicast destination 
address of the adjacency (e.g., "Media Access Control" (MAC) address) protects against closing the 
loop. Link layers without port unique link layer addresses should not be used with the DNC flag 
set. 
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5.2.2. Duplicates 


Duplicates happen when the graph expressed by a BitString is not a tree but is redundantly 
connecting BFRs with each other. In Figure 16, a BitString of p2,p3,p4,p5 would result in 
duplicate packets arriving on BFER4. The BIER-TE controller must therefore ensure that only 
BitStrings that are trees are created. 


BFIR1 

/ \ 
(p2 \ p3 
BFR2 BFR3 
\ p4 / ps 

\ / 
BFER4 


Figure 16: Duplicates Example 


When links are incorrectly physically reconnected before the BIER-TE controller updates 
BitStrings in BFIRs, duplicates can happen. Like loops, these can be inhibited by link layer 
addressing in forward_connected() adjacencies. 


If interface or loopback addresses used in forward_routed() adjacencies are moved from one BFR 
to another, duplicates are equally likely to happen. Such readdressing operations must be 
coordinated with the BIER-TE controller. 


5.3. Managing SIs, Subdomains, and BFR-ids 


When the number of bits required to represent the necessary hops in the topology and BFERs 
exceeds the supported "BitStringLength" (BSL), multiple SIs and/or subdomains must be used. 
This section discusses how this is done. 


BIER-TE forwarding does not require the concept of BFR-ids, but routing underlay, flow overlay, 
and BIER headers may. This section also discusses how BFR-ids can be assigned to BFIRs/BFERs 
for BIER-TE. 


5.3.1. Why SIs and Subdomains? 


For (non-TE) BIER and BIER-TE forwarding, the most important result of using multiple SIs and/ 
or subdomains is the same: multicast flow overlay packets that need to be sent to BFERs in 
different SIs or subdomains require multiple BIER packets, each one with a BitString for a 
different (SI,subdomain) combination. Each such BitString uses one BSL-sized SI block in the 
BIFT of the subdomain. We call this a BIFT:SI (block). 


SIs and subdomains have different purposes in the BIER architecture and also the BIER-TE 
architecture. This impacts how operators manage them and especially how flow overlays will 
likely use them. 
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By default, every possible BFIR/BFER in a BIER network would likely be given a BFR-id in 
subdomain 0 (unless there are > 64k BFIRs/BFERs). 


If there are different flow services (or service instances) requiring replication to different subsets 
of BFERs, then it will likely not be possible to achieve the best replication efficiency for all of 
these service instances via subdomain 0. Ideal replication efficiency for N BFERs exists ina 
subdomain if they are split over no more than ceiling(N/BitStringLength) SIs. 


If service instances justify additional BIER:SI state in the network, additional subdomains will be 
used: BFIRs/BFERs are assigned BFR-ids in those subdomains, and each service instance is 
configured to use the most appropriate subdomain. This results in improved replication 
efficiency for different services. 


Even if creation of subdomains and assignment of BFR-ids to BFIRs/BFERs in those subdomains is 
automated, it is not expected that individual service instances can deal with BFERs in different 
subdomains. A service instance may only support configuration of a single subdomain it should 
rely on. 


To be able to easily reuse (and modify as little as possible) existing BIER procedures (including 
flow overlay and routing underlay), when BIER-TE forwarding is added, we therefore reuse SIs 
and subdomains logically in the same way as they are used in BIER: all necessary BFIRs/BFERs 
for a service use a single BIER-TE BIFT and are split across as many SIs as necessary (see Section 
5.3.2). Different services may use different subdomains that primarily exist to provide more 
efficient replication (and, for BIER-TE, desirable path steering) for different subsets of BFIRs/ 
BFERs. 


5.3.2. Assigning Bits for the BIER-TE Topology 


In BIER, BitStrings only need to carry bits for BFERs; this leads to the model where BFR-ids map 
1:1 to each bit in a BitString. 


In BIER-TE, BitStrings need to carry bits to indicate not only the receiving BFER but also the 
intermediate hops/links across which the packet must be sent. The maximum number of BFERs 
that can be supported in a single BitString or BIFT:SI depends on the number of bits necessary to 
represent the desired topology between them. 


"Desired" topology means that it depends on the physical topology and the operator's desire to 


1. permit explicit path steering across every single hop (which requires more bits), or 

2. reduce the number of required bits by exploiting optimizations such as unicast 
(forward_routed(Q)), ECMP(), or flood (DNC) over "uninteresting" sub-parts of the topology, 
e.g., parts where, for path steering reasons, different trees do not need to take different 
paths. 
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The total number of bits to describe the topology vs. the number of BFERs in a BIFT:SI can range 
widely based on the size of the topology and the amount of alternative paths in it. In a BIER-TE 
topology crafted by a BIER-TE expert, the higher the percentage of non-BFER bits, the higher the 
likelihood that those topology bits are not just BIER-TE overhead without additional benefit but 
instead will allow the expression of desirable path steering alternatives. 


5.3.3. Assigning BFR-ids with BIER-TE 


BIER-TE forwarding does not use BFR-ids, nor does it require that the BFIR-id field of the BIER 
header be set to a particular value. However, other parts of a BIER-TE deployment may need a 
BFR-id -- specifically, multicast flow overlay signaling and multicast flow overlay packet 
disposition; in that case, BFRs need to also have BFR-ids for BIER-TE SDs. 


For example, for BIER overlay signaling, BFIRs need to have a BFR-id, because this BFIR BFR-id is 
carried in the BFIR-id field of the BIER header to indicate to the overlay signaling on the 
receiving BFER which BFIR originated the packet. 


In BIER, BFR-id = SI * BSL + BP, such that the SI and BP of a BFER can be calculated from the BFR- 
id and vice versa. This also means that every BFR with a BFR-id has a reserved BP in an SI, even 
if that is not necessary for BIER forwarding, because the BFR may never be a BFER (i.e., will only 
be a BFIR). 


In BIER-TE, for a non-leaf BFER, there is usually a single BP for that BFER with a local_decap() 
adjacency on the BFER. The BFR-id for such a BFER can therefore be determined using the same 
procedure as that used for (non-TE) BIER: BFR-id = SI * BSL + BP. 


As explained in Section 5.1.3, leaf BFERs do not need such a unique local_decap(Q adjacency. 
Likewise, BFIRs that are not also BFERs may not have a unique local_decap() adjacency either. 
For all those BFIRs and (leaf) BFERs, the controller needs to determine unique BFR-ids that do 
not collide with the BFR-ids derived from the non-leaf BFER local_decap() BPs. 


While this document defines no requirements on how to allocate such BFR-ids, a simple option is 
to derive it from the (SI,BP) of an adjacency that is unique to the BFR in question. For a BFIR, this 
can be the first adjacency that is only populated on this BFIR; for a leaf BFER, this could be the 
first BP with an adjacency towards that BFER. 


5.3.4. Mapping from BFRs to BitStrings with BIER-TE 


In BIER, applications of the flow overlay on a BFIR can calculate the (SI,BP) of a BFER from the 
BFR-id of the BFER and can therefore easily determine the BitStrings for a BIER packet to a set of 
BFERs with known BFR-ids. 


In BIER-TE, this mapping needs to be equally supported for flow overlays. This section outlines 
two core options, based on what type of Tree Engineering the BIER-TE controller needs to 
perform for a particular application. 


"Independent branches": 
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For a given flow overlay instance, the branches from a BFIR to every BFER are calculated by 
the BIER-TE controller to be independent of the branches to any other BFER. Shortest path 
trees are the most common examples of trees with independent branches. 


"Interdependent branches": When a BFER is added to or deleted from a particular distribution 
tree, the BIER-TE controller has to recalculate the branches to other BFERs, because they may 
need to change. Steiner trees are examples of interdependent branch trees. 


If "independent branches" are used, the BIER-TE controller can signal to the BFIR flow overlay 
for every BFER an SI:BitString that represents the branch to that BFER. The flow overlay on the 
BFIR can then, independently of the controller, calculate the SI:BitString for all desired BFERs by 
ORing their BitStrings. This allows flow overlay applications to operate independently of the 
controller whenever they need to determine which subset of BFERs needs to receive a particular 
packet. 


If "interdependent branches" are required, an application would need to query the SI:BitString 
for a given set of BFERs whenever the set changes. 


Note that in either case (unlike the scenario for BIER), the bits may need to change upon link/ 
node failure/recovery, network expansion, or network resource consumption by other traffic as 
part of achieving Traffic Engineering goals (e.g., reoptimization of lower-priority traffic flows). 
Interactions between such BFIR applications and the BIER-TE controller do therefore need to 
support dynamic updates to the SIs:BitStrings. 


Communications between the BFIR flow overlay and the BIER-TE controller require some way to 
identify the BFERs. If BFR-ids are used in the deployment, as outlined in Section 5.3.3, then those 
are the "natural" BFR-ids. If BFR-ids are not used, then any other unique identifier, such as a 
BFR's BFR-prefix [RFC8279], could be used. 


5.3.5. Assigning BFR-ids for BIER-TE 


It is not currently determined if a single subdomain could or should be allowed to forward both 
(non-TE) BIER and BIER-TE packets. If this should be supported, there are two options: 


A. BIER and BIER-TE have different BFR-ids in the same subdomain. This allows higher 
replication efficiency for BIER because the BIER BFR-ids can be assigned sequentially, while 
the BitStrings for BIER-TE will also have to assign the additional bits for the topology 
adjacencies. There is no relationship between a BFR BIER BFR-id and its BIER-TE BFR-id. 

B. BIER and BIER-TE share the same BFR-id. The BFR-ids are assigned as explained above for 
BIER-TE and simply reused for BIER. The replication efficiency for BIER will be as low as that 
for BIER-TE in this approach. 


5.3.6. Example Bit Allocations 


5.3.6.1. With BIER 


Consider a network setup with a BSL of 256 for a network topology as shown in Figure 17. The 
network has six areas, each with 170 BFERs, connecting via a core with four (core) BFRs. To 
address all BFERs with BIER, four SIs are required. To send a BIER packet to all BFERs in the 
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network, four copies need to be sent by the BFIR. On the BFIR, it does not matter how the BFR-ids 
are allocated to BFERs in the network, but it does matter for efficiency further down in the 
network. 


areal area2 area3 
BFR1a BFR1b BFR2a BFR2b BFR3a BFR3b 
en / \ A || 
eva he: et eres ae eS 
| / \ / waf 
BFR4a BFR4b BFR5a BFR5b BFR6a BFR6b 
area4 area5 area6é 


Figure 17: Scaling BIER-TE Bits by Reuse 


With random allocation of BFR-ids to BFERs, each receiving area would (most likely) have to 
receive all four copies of the BIER packet because there would be BFR-ids for each of the four SIs 
in each of the areas. Only further towards each BFER would this duplication subside -- when 
each of the four trees runs out of branches. 


If BFR-ids are allocated intelligently, then all the BFERs in an area would be given BFR-ids with as 
few different SIs as possible. Each area would only have to forward one or two packets instead of 
four. 


Given how networks can grow over time, replication efficiency in an area will then also go down 
over time when BFR-ids are only allocated sequentially, network wide. An area that initially only 
has BFR-ids in one SI might end up with many SIs over a longer period of growth. Allocating SIs 
to areas that initially have sufficiently many spare bits for growth can help alleviate this issue. 
Alternatively, BFERs can be renumbered after network expansion. In this example, one may 
consider using six SIs and assigning one to each area. 


This example shows that intelligent BFR-id allocation within at least subdomain 0 can be helpful 
or even necessary in BIER. 


5.3.6.2. With BIER-TE 


In BIER-TE, one needs to determine a subset of the physical topology and attached BFERs so that 
the "desired" representation of this topology and the BFERs fit into a single BitString. This process 
needs to be repeated until the whole topology is covered. 


Once bits/SIs are assigned to the topology and BFERs, BFR-ids are just a derived set of identifiers 
from the operator / BIER-TE controller as explained above. 


Whenever different subtopologies have overlap, bits need to be repeated across the BitStrings, 
increasing the overall amount of bits required across all BitStrings/SIs. In the worst case, one 
assigns random subsets of BFERs to different SIs. This will result in an outcome much worse than 
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in (non-TE) BIER: it maximizes the amount of unnecessary topology overlap across SIs and 
therefore reduces the number of BFERs that can be reached across each individual SI. Intelligent 
BFER-to-SI assignment and selecting specific "desired" subtopologies can minimize this problem. 


To set up BIER-TE efficiently for the topology shown in Figure 17, the following bit allocation 
method can be used. This method can easily be expanded to other, similarly structured larger 
topologies. 


Each area is allocated one or more SIs, depending on the number of future expected BFERs and 
the number of bits required for the topology in the area. In this example, six SIs are used, one per 
area. 


In addition, we use four bits in each SI: 


bia: (b)it (i)/ngress (a) 
bib: (b)it G)ngress (b) 
bea: (b)it (e)gress (a) 
beb: (b)it (e)gress (b) 


These bits will be used to pass BIER packets from any BFIR via any combination of ingress area a/ 
b BFRs and egress area a/b BFRs into a specific target area. These bits are then set up with the 
right forward_routed() adjacencies on the BFIRs and area edge BFRs as follows. 


On all BFIRs in an area, j|j=1...6, bia in each BIFT:SI is populated with the same 
forward_routed(BFRja) and bib with forward_routed(BFRjb). On all area edge BFRs, bea in 
BIFT:SI=k|k=1...6 is populated with forward_routed(BFRka) and beb in BIFT:SI=k with 
forward_routed(BFRkb). 


For BIER-TE forwarding of a packet to a subset of BFERs across all areas, a BFIR would create at 
most six copies, with SI=1...SI=6. In each packet, the BitString includes bits for one area and the 
BFERs in that area, plus the four bits to indicate whether to pass this packet via the ingress area a 
or b border BFR and the egress area a or b border BFR, therefore allowing path steering for those 
two "unicast" legs: 1) BFIR to ingress area edge and 2) core to egress area edge. Replication only 
happens inside the egress areas. For BFERs that are in the same area as the BFIR, these four bits 
are not used. 


5.3.7. Summary 


BIER-TE can, like BIER, support multiple SIs within a subdomain. This allows application of the 
mapping BFR-id = SI * BSL + BP. This also permits the reuse of the BIER architecture concept of 
BFR-ids and, therefore, minimization of BIER-TE-specific functions in possible BIER layer control 
plane mechanisms with BIER-TE, including flow overlay methods and BIER header fields. 


The number of BFIRs/BFERs possible in a subdomain is smaller than in BIER because BIER-TE 
uses additional bits for the topology. 
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Subdomains in BIER-TE can be used as they are in BIER to create more efficient replication to 
known subsets of BFERs. 


Assigning bits for BFERs intelligently into the right SI is more important in BIER-TE than in BIER 
because of replication efficiency and the overall amount of bits required. 


6. Security Considerations 


If "Encapsulation for Bit Index Explicit Replication (BIER) in MPLS and Non-MPLS Networks" 
[RFC8296] is used, its security considerations also apply to BIER-TE. 


The security considerations of "Multicast Using Bit Index Explicit Replication (BIER)" [RFC8279] 
also apply to BIER-TE, with the following overriding or additional considerations. 


BIER-TE forwarding explicitly supports unicast "tunneling" of BIER packets via forward_routed() 
adjacencies. The BIER domain security model is based on a subset of interfaces on a BFR that 
connect to other BFRs of the same BIER domain. For BIER-TE, this security model equally applies 
to such unicast "tunneled" BIER packets. This not only includes the need to filter received unicast 
"tunneled" BIER packets to prohibit the injection of such "tunneled" BIER packets from outside 
the BIER domain but also the need to prohibit forward_routed(Q) adjacencies from leaking BIER 
packets from the BIER domain. It SHOULD be possible to configure interfaces to be part of a BIER 
domain solely for sending and receiving unicast "tunneled" BIER packets even if the interface 
cannot send/receive BIER encapsulated packets. 


In BIER, the standardized methods for the routing underlays are IGPs with extensions to 
distribute BFR-ids and BFR-prefixes. [RFC8401] specifies the extensions for IS-IS, and [RFC8444] 
specifies the extensions for OSPF. Attacking the protocols for the BIER routing underlay or (non- 
TE) BIER layer control plane, or the impairment of any BFRs in a domain, may lead to successful 
attacks against the information that BIER-TE learns from the routing protocol (routes, next hops, 
BFR-ids, ...), enabling DoS attacks against paths or the addressing (BFR-ids, BFR-prefixes) used by 
BIER. 


The reference model for the BIER-TE layer control plane is a BIER-TE controller. When such a 
controller is used, the impairment of an individual BFR in a domain causes no impairment of the 
BIER-TE control plane on other BFRs. If a routing protocol is used to support forward_routed() 
adjacencies, then this is still an attack vector as in BIER, but only for BIER-TE forward_routed() 
adjacencies and not other adjacencies. 


Whereas IGP routing protocols are most often not well secured through cryptographic 
authentication and confidentiality, communications between controllers and routers such as 
those to be considered for the BIER-TE controller / control plane can be, and are, much more 
commonly secured with those security properties -- for example, by using "Secure Shell" (SSH) 
[RFC4253] for NETCONF [RFC6242]; or via "Transport Layer Security" (TLS), such as [RFC8253] for 
PCEP [RFC5440] or [RFC7589] for NETCONF. BIER-TE controllers SHOULD use security equal to or 
better than these mechanisms. 
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When any of these security mechanisms/protocols are used for communications between a BIER- 
TE controller and BFRs, their security considerations apply to BIER-TE. In addition, the security 
considerations of "A Path Computation Element (PCE)-Based Architecture" [RFC4655] apply. 


The most important attack vector in BIER-TE is misconfiguration, either on the BFRs themselves 
or via the BIER-TE controller. Forwarding entries with DNC could be set up to create persistent 
loops, in which packets only expire because of TTL. To minimize the impact of such attacks (or, 
more likely, unintentional misconfiguration by operators and/or bad BIER-TE controller 
software), the BIER-TE forwarding rules are defined to be as strict in clearing bits as possible. The 
clearing of all bits with an adjacency on a BFR prohibits a looping packet from creating 
additional packet amplification through the misconfigured loop on the packet's second time or 
subsequent times around the loop, because all relevant adjacency bits would have been cleared 
on the first round through the loop. As a result, looping packets can occur in BIER-TE to the same 
degree as is possible with unintentional or malicious loops in the routing underlay with BIER, or 
even with unicast traffic. 


Deployments where BIER-TE would likely be beneficial may include operational models where 
actual configuration changes from the controller are only required during non-production 
phases of the network's life cycle, e.g., in embedded networks or in manufacturing networks 
during such activities as plant reworking or repairs. In these types of deployments, configuration 
changes could be locked out when the network is in production state and could only be 
(re-)enabled through reverting the network/installation to non-production state. Such security 
designs would not only allow a deployment to provide additional layers of protection against 
configuration attacks but would, first and foremost, protect the active production process from 
such configuration attacks. 


7. IANA Considerations 


This document has no IANA actions. 
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Appendix A. BIER-TE and Segment Routing (SR) 


SR [RFC8402] aims to enable lightweight path steering via loose source routing. For example, 
compared to its more heavyweight predecessor, RSVP-TE, SR does not require per-path signaling 
to each of these hops. 


BIER-TE supports the same design philosophy for multicast. Like SR, BIER-TE 


e relies on source routing (via a BitString), and 


e only requires consideration of the "hops" either (1) on which replication has to happen or (2) 
across which the traffic should be steered (even without replication). 


Any other hops can be skipped via the use of routed adjacencies. 


BIER-TE "bit positions" (BPs) can be understood as the BIER-TE equivalent of "forwarding 
segments" in SR, but they have a different scope than do forwarding segments in SR. Whereas 
forwarding segments in SR are global or local, BPs in BIER-TE have a scope that is comprised of 
one or more BFRs that have adjacencies for the BPs in their BIFTs. These segments can be called 
"adjacency-scoped" forwarding segments. 


Adjacency scope could be global, but then every BFR would need an adjacency for a given BP -- 
for example, a forward_routed() adjacency with encapsulation to the global SR "Segment 
Identifier" (SID) of the destination. Such a BP would always result in ingress replication, though 
(as in [RFC7988]). The first BFR encountering this BP would directly replicate traffic on it. Only by 
using non-global adjacency scope for BPs can traffic be steered and replicated on a non-BFIR. 
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SR can naturally be combined with BIER-TE and can help optimize it. For example, instead of 
defining bit positions for non-replicating hops, it is equally possible to use SR encapsulations 
(e.g., SR-MPLS label stacks) for the encapsulation of "forward_routed()" adjacencies. 


Note that (non-TE) BIER itself can also be seen as being similar to SR. BIER BPs act as global 
destination Node-SIDs, and the BIER BitString is simply a highly optimized mechanism to 
indicate multiple such SIDs and let the network take care of effectively replicating the packet hop 
by hop to each destination Node-SID. BIER does not allow the indication of intermediate hops or, 
in terms of SR, the ability to indicate a sequence of SIDs to reach the destination. On the other 
hand, BIER-TE and its adjacency-scoped BPs provide these capabilities. 
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